Security
reporting creates a snapshot of metadata-layer access control settings. SAS
provides the %MDSECDS autocall macro to enable you to easily build data sets
of permissions information. You can use those data sets as the data source
for security reports. You can also identify changes in settings by comparing
data sets that are generated at different times. See Security Report Macros.
Security
logging records security-related events as part of a system-wide logging facility.
The following table describes the security log categories:
Logging of Security Events
|
Category |
Events Captured |
|
Audit.Authentication |
Authentication events, client connection information. |
|
Audit.Meta.Security.UserAdm |
Changes to users, groups, roles, logins, and authentication
domains. Includes additions, deletions, modifications, and failed attempts
to perform these actions. |
|
Audit.Meta.Security.GrpAdm |
Changes to memberships (for groups or roles). Includes adding
members, removing members, and failed attempts to perform these actions. |
|
Audit.Meta.Security.AccCtrlAdm |
Changes to permissions, permission settings, ACTs, and passwords.*
Includes additions, deletions, modifications, and failed attempts to perform
these actions. |
|
Audit.Meta.Security |
The parent category for security events. Logging settings
that you define for this category apply to its child categories. |
| *
This is for passwords on objects such as Tables, Connections, and
ProtectedPassthrus. |
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.
